[jira] [Commented] (AMQ-9475) ConsumerControl commands for wildcard consumers should not auto-create destinations

Thu, 11 Apr 2024 03:56:12 -0700 


    [ 
https://issues.apache.org/jira/browse/AMQ-9475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17836115#comment-17836115
 ] 

ASF subversion and git services commented on AMQ-9475:
------------------------------------------------------

Commit 78d95552338db1be2b95fc5c2fdd4eae8d045458 in activemq's branch 
refs/heads/main from Christopher L. Shannon
[ https://gitbox.apache.org/repos/asf?p=activemq.git;h=78d955523 ]

Merge pull request #1200 from cshannon/AMQ-9475

AMQ-9475 - ConsumerControl commands should not auto create wildcard dests

> ConsumerControl commands for wildcard consumers should not auto-create 
> destinations
> -----------------------------------------------------------------------------------
>
>                 Key: AMQ-9475
>                 URL: https://issues.apache.org/jira/browse/AMQ-9475
>             Project: ActiveMQ Classic
>          Issue Type: Bug
>            Reporter: Christopher L. Shannon
>            Assignee: Christopher L. Shannon
>            Priority: Major
>             Fix For: 6.2.0, 5.18.5, 6.1.2
>
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> While investigating AMQ-9472, it was 
> [pointed|https://github.com/apache/activemq/pull/1198#issuecomment-2046523027]
>  out in some cases (like with Stomp) wildcard destinations that do not exist 
> could be auto created on subscribe which besides creating the extra 
> destination, can also lead to errors if proper ACLs are not set up.
> As 
> [pointed|https://github.com/apache/activemq/pull/1198#issuecomment-2047625950]
>  out, the bug here is that wildcard destinations should not be auto-created 
> just by subscribing using a wildcard. There is a check for this in 
> [addConsumer()|https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L344-L346]
>  but 
> [processConsumerControl()|https://github.com/apache/activemq/blob/e025e443e65d4bd3c2c27f11d6caa7bfbd2c9626/activemq-broker/src/main/java/org/apache/activemq/broker/region/AbstractRegion.java#L694]
>  does not have the checks. So any time that command is sent (like prefetch 
> update) this could be an issue.
> This can be fixed by only looking up destinations that are wildcards and not 
> auto creating them when processing consumer control objects just like 
> addConsumer() does.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to